From 74b4a5210744d558ecfd098a9bbe9b2ea8c5b1ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pelle=20Sillre=CC=81n?=
Date: Mon, 17 Oct 2022 14:34:26 +0200
Subject: [PATCH 1/7] Update github actions
---
 .github/workflows/tox.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml
index 071899c..137559a 100644
--- a/.github/workflows/tox.yml
+++ b/.github/workflows/tox.yml
@@ -11,9 +11,9 @@ jobs:
 python-version: [3.6, 3.7, 3.8, 3.9]
 steps:
- - uses: actions/checkout@v1
+ - uses: actions/checkout@v3
 - name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@v2
+ uses: actions/setup-python@v4
 with:
 python-version: ${{ matrix.python-version }}
 - name: Install python dependencies
From 1c9727968316e24265dfd85a42e80e35e3405f44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pelle=20Sillre=CC=81n?=
Date: Mon, 17 Oct 2022 14:37:57 +0200
Subject: [PATCH 2/7] Limit versions of bokeh, Jinja, and importlib-metadata to fix build error. This is only necessary for python 3.6 it seems.
---
 requirements.txt | 3 ++-
 requirements_dev.txt | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/requirements.txt b/requirements.txt
index 1e854b5..5331a61 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,8 +3,9 @@ Pillow>=6.2.0
 # Avoid selenium bug:
 # https://github.com/SeleniumHQ/selenium/issues/5296
 selenium>=3.7.0,<=3.8.0
-bokeh>=2.0.0,<3.0.0
+bokeh>=2.0.0,<2.3.0
 scipy>=1.0.0,<2.0.0
 ipykernel>=5.0
 ipython>=7.0
 pyyaml>=5.3.1
+Jinja2<3.1.0
diff --git a/requirements_dev.txt b/requirements_dev.txt
index 016fa70..bb701c1 100644
--- a/requirements_dev.txt
+++ b/requirements_dev.txt
@@ -15,4 +15,5 @@ pytest-cov==2.5.1
 coverage-badge==0.2.0
 pytest-runner==2.11.1
 pylint==1.7.4
-pyflakes==2.2.0
\ No newline at end of file
+pyflakes==2.2.0
+importlib-metadata<5.0
From 96d49a358b21b08eda7e62e1e1c9a90e6f0b05e5 Mon Sep 17 00:00:00 2001
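Review bot: In the requirements.txt hunk of patch 2/7, `bokeh>=2.0.0,<2.3.0` and `Jinja2<3.1.0` cap these packages for every interpreter, although the commit message says the build error seems to need this only on Python 3.6. An unconditional upper bound also holds installs on newer Pythons at older releases, so they would not pick up later fixes, security fixes included. If the 3.6-only diagnosis holds, I would scope the caps with environment markers, for example `Jinja2<3.1.0; python_version < "3.7"`, and add a comment naming the build error so the cap can be lifted later. The same applies to `importlib-metadata<5.0` in the requirements_dev.txt hunk.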
From: =?UTF-8?q?Pelle=20Sillre=CC=81n?=
Date: Mon, 17 Oct 2022 14:44:14 +0200
Subject: [PATCH 3/7] Updated required versions of pytest and coverage
---
 requirements_dev.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/requirements_dev.txt b/requirements_dev.txt
index bb701c1..35d6be5 100644
--- a/requirements_dev.txt
+++ b/requirements_dev.txt
@@ -5,12 +5,12 @@ twine==1.11.0
 watchdog==0.8.3
 flake8==3.8.2
 tox>=3.13.2
-coverage==4.1
+coverage==6.2
 Sphinx==1.7.7
 commonmark==0.5.4
 recommonmark==0.4.0
-pytest==3.2.3
+pytest==7.0.1
 pytest-cov==2.5.1
 coverage-badge==0.2.0
 pytest-runner==2.11.1
From 569200c267539f58dd3837006debc96f0f0c83ec Mon Sep 17 00:00:00 2001
From: Anurag Kumar
Date: Mon, 17 Oct 2022 18:29:30 +0530
Subject: [PATCH 4/7] Update setup.py (#135) Updated python versions in setup.py
---
 setup.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/setup.py b/setup.py
index 23cb440..ce53d9b 100644
--- a/setup.py
+++ b/setup.py
@@ -106,6 +106,9 @@ def find_meta(meta):
 'Natural Language :: English',
 "Programming Language :: Python :: 3.5",
 "Programming Language :: Python :: 3.6",
+ "Programming Language :: Python :: 3.7",
+ "Programming Language :: Python :: 3.8",
+ "Programming Language :: Python :: 3.9",
 "License :: OSI Approved :: Apache Software License"
 ],
 test_suite='tests',
From 4d18abd867f87730e81ed7a954569f2819c23ec9 Mon Sep 17 00:00:00 2001
From: Moad Akhraz <77294440+mdakh404@users.noreply.github.com>
Date: Mon, 17 Oct 2022 14:02:16 +0100
Subject: [PATCH 5/7] Update options.py (#133) yaml.safe_load to avoid execution of arbitrary code
---
 chartify/_core/options.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chartify/_core/options.py b/chartify/_core/options.py
index 654c667..f94b94e 100644
--- a/chartify/_core/options.py
+++ b/chartify/_core/options.py
@@ -109,7 +109,7 @@ def _from_yaml(self, filename):
 """
 # Note: We assume that the contents of the config file are trusted
 # TODO: Change this file format to be plain yaml and use SafeLoader
- yaml_options = yaml.load(open(filename), Loader=yaml.UnsafeLoader)
+ yaml_options = yaml.safe_load(open(filename))
 self._options.update(yaml_options)
From 66eb2e01102a0703af9e2aa4d0508b91eb002c9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pelle=20Sillre=CC=81n?=
Date: Mon, 17 Oct 2022 17:27:45 +0200
Subject: [PATCH 6/7] Revert "Update options.py (#133)" This reverts commit 4d18abd867f87730e81ed7a954569f2819c23ec9.
---
 chartify/_core/options.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chartify/_core/options.py b/chartify/_core/options.py
index f94b94e..654c667 100644
--- a/chartify/_core/options.py
+++ b/chartify/_core/options.py
@@ -109,7 +109,7 @@ def _from_yaml(self, filename):
 """
 # Note: We assume that the contents of the config file are trusted
 # TODO: Change this file format to be plain yaml and use SafeLoader
- yaml_options = yaml.safe_load(open(filename))
+ yaml_options = yaml.load(open(filename), Loader=yaml.UnsafeLoader)
 self._options.update(yaml_options)
From 5bab33f84db48a384ee1cb0e732b394a78dd7462 Mon Sep 17 00:00:00 2001
From: Pelle Sillren
Date: Mon, 17 Oct 2022 17:31:10 +0200
Subject: [PATCH 7/7] Revert "Update options.py (#133)" This reverts commit 4d18abd867f87730e81ed7a954569f2819c23ec9.
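Review bot: In patch 5/7 the switch to `yaml.safe_load(open(filename))` leaves the two comments above it stale, and the TODO there suggests the config format is not plain YAML yet, so files that rely on Python-specific tags would probably fail to load with a constructor error (inferred from the TODO; the format is not visible in this hunk). I would land the format migration and a load test for existing config files together with this line, then delete the trust note and the TODO. Independently, the handle from `open(filename)` is never closed; `with open(filename) as f: yaml_options = yaml.safe_load(f)` fixes that, and the same applies to the `yaml.load` line restored in patch 6/7. `_from_yaml` begins outside the hunk.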
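Review bot: Patch 6/7 restores `Loader=yaml.UnsafeLoader`, which lets tags in the file construct arbitrary Python objects, and the commit message gives no reason for the revert. The only protection is the comment's assumption that the config file is trusted; nothing visible in the hunk constrains where `filename` comes from. I would state the reason in the commit message and make the constraint explicit at the call, e.g. `# SECURITY: UnsafeLoader can execute code from this file; only load config files you control`, keeping the TODO until the format is plain YAML. `_from_yaml` begins outside the hunk.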